Reasons to change a root certificate that is currently included in NSS may included, but are not limited to:
* Security Compromise
* Add a Trust Bit (one of websites, email code signing)
* Enable EV
* Disable a Root (turn off one or more of the trust bits)
* Remove a Root
=== Security Compromise ===
When a serious security concern is noticed, such as a major root compromise, it should be treated as a security-sensitive bug, and the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] should be followed.
=== Add a Trust Bit ===